How can I use a secure file in a CircleCI build?

Question

I am trying to build a project on CircleCI that needs access to a secure file. I cannot use an environment variable, it must be in the form of a file. In my case it is specifically a Maven settings.xml file, but there are other use cases. What can I do?

Answer 1

There are actually quite a few solutions to this problem:

File as Environment Variable

If the contents of the file are short (just a password for example), you can store the entire file as an environment variable, and then add a line like this to your circle.yaml build file:

echo $SECURE_FILE > mySecureFile

Variable Substitution

If the contents of the file are large, but only a small portion of the file is secure, you can store the file in your code repository, and then use sed to replace a fixed string with an environment variable, like this:

sed -e s/SECURE_PASSWORD/${SECURE_PASSWORD}/g mySecureFile.tmpl > mySecureFile

Encrypt the File

You can encrypt your config file and check it into your source repository, then store the decryption key as an environment variable. Decrypt it during the build process.

Maven Settings.xml Special Case

For the special case of Maven settings.xml files, you can use environment variables in your settings.xml, so you can do something like this:

• Store your settings.xml in conf/settings.xml
• Replace any secure text with something like this: ${env.MY_SECURE_TEXT}
• Set MY_SECURE_TEXT in the circle CI configuration
• In circle.yaml, add '-s conf/settings.xml' to your Maven build commands.